Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94863 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 26397 invoked from network); 5 Aug 2016 16:29:28 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Aug 2016 16:29:28 -0000 Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.221 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.221 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.221] ([81.169.146.221:59715] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B6/2E-33134-4EEB4A75 for ; Fri, 05 Aug 2016 12:29:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1470414560; l=3678; s=domk; d=kelunik.com; h=Content-Type:Cc:To:Subject:Date:From:References:In-Reply-To: MIME-Version; bh=XBd67VX4YyCPUleDwXPglmNo2MklKi7N2Zp7BnTretE=; b=uJTm00dz+PH7VR1ztKjdbAJ7ejFql/PleJIS3u0wAaXB2eoT+YVMGJJ6+QVHgsY5pFt TCWRUj0LdBlHFCRVDDCYbnUmsLzMeMhMNMliQ4F6RWmkC4TYGh436i2aY2MADKeoWxfP7 DcDPUqV15gbVETEUiXmWYxrjZcs25TFY7ws= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLGvomb4bl9EfHtOnc6 X-RZG-CLASS-ID: mo00 Received: from mail-wm0-f54.google.com ([74.125.82.54]) by smtp.strato.de (RZmta 38.13 AUTH) with ESMTPSA id a0a548s75GTK3KP (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for ; Fri, 5 Aug 2016 18:29:20 +0200 (CEST) Received: by mail-wm0-f54.google.com with SMTP id o80so44419271wme.1 for ; Fri, 05 Aug 2016 09:29:20 -0700 (PDT) X-Gm-Message-State: AEkoout91yYLGQzCQCp8uIhdi22SajOHCcyguqq5MNzTAjBQYcACT4ftVvQVsacEAO7Xj5fje7qDusSZvjUgKA== X-Received: by 10.194.184.39 with SMTP id er7mr69737303wjc.159.1470414560608; Fri, 05 Aug 2016 09:29:20 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.27.206 with HTTP; Fri, 5 Aug 2016 09:29:20 -0700 (PDT) In-Reply-To: References: Date: Fri, 5 Aug 2016 18:29:20 +0200 X-Gmail-Original-Message-ID: Message-ID: To: "Charles R. Portwood II" Cc: PHP internals Content-Type: multipart/alternative; boundary=047d7ba97a108ed46b053955910c Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Argon2 Password Hash From: me@kelunik.com (Niklas Keller) --047d7ba97a108ed46b053955910c Content-Type: text/plain; charset=UTF-8 2016-08-05 14:47 GMT+02:00 Charles R. Portwood II < charlesportwoodii@erianna.com>: > Hello Internals, > > Due to a couple issue with the original RFC's scope, the RFC for > introducing Argon2 as an alternative hashing algorithm for the password_* > functions was closed shortly after starting on Monday. > > The following details were adjusted. and I would appreciate your feedback > before re-opening the vote. > > - The RFC scope was reduced to only cover inclusion in 7.2. This RFC no > longer proposes changes to PASSWORD_DEFAULT in 7.4. > - Argon2d is not suitable for password hashing, and has been removed to > keep in line with the scope goals of the password_* functions. > - The configure flag was changed to --with-argon2 to > --with-password-argon2 to further clarify the scope of this RFC. > > Further rationale for these items is provided in the RFC itself. > > The RFC is available at: https://wiki.php.net/rfc/argon2_password_hash. > > Thanks to those who emailed me directly to discuss the matter on Monday, > and for your feedback on these changes. > > *Charles R. Portwood II* > Hi Charles, I'd prefer `memory_cost` and `time_cost` over `m_cost` and `t_cost`. Do we have any reason to use the shorter but less readable names here? Regards, Niklas --047d7ba97a108ed46b053955910c--